Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Register for an eSignMe account
• Upload documents for electronic signature
• Contact us for support or inquiries
• Subscribe to our newsletter or marketing communications

This information may include:

• Full name and contact information (email address, phone number, mailing address)
• Account credentials (username and encrypted password)
• Payment information (processed securely through third-party payment processors)
• Professional information (company name, job title, industry)

1.2 Document Information

We collect and process documents that you upload to our platform, including:

• Document content and metadata
• Signature data and authentication information
• Audit trail information (timestamps, IP addresses, device information)
• Communication records related to document signing processes

1.3 Technical Information

We automatically collect certain technical information when you use our services:

• Device information (hardware model, operating system, browser type and version)
• Network information (IP address, internet service provider)
• Usage data (pages visited, features used, time spent on platform)
• Log files and analytics data
• Cookies and similar tracking technologies

1.4 Third-Party Information

We may receive information about you from third-party sources:

• Social media platforms (if you choose to connect your accounts)
• Business partners and integrations
• Public databases and directories
• Identity verification services

2. How We Use Your Information

2.1 Service Provision

We use your information to:

• Create and maintain your eSignMe account
• Process and facilitate electronic signatures
• Store and manage your documents securely
• Provide customer support and technical assistance
• Process payments and manage billing

2.2 Service Improvement

We analyze usage data to:

• Improve our platform's functionality and user experience
• Develop new features and services
• Optimize system performance and reliability
• Conduct research and analytics
• Troubleshoot technical issues

2.3 Communication

We may use your contact information to:

• Send transactional emails (account notifications, document status updates)
• Provide customer support responses
• Send marketing communications (with your consent)
• Notify you of important service updates or security alerts
• Conduct user surveys and feedback requests

2.4 Legal and Security

We process information to:

• Comply with legal obligations and regulatory requirements
• Protect against fraud, abuse, and unauthorized access
• Enforce our Terms of Service and other policies
• Respond to legal requests and court orders
• Maintain audit trails for compliance purposes

3. Information Sharing and Disclosure

3.1 Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Cloud hosting and data storage
• Payment processing
• Email delivery and communication services
• Analytics and performance monitoring
• Customer support tools
• Security and fraud prevention services

3.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

3.3 Legal Requirements

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety, or that of our users
• Investigate potential violations of our Terms of Service
• Prevent or address fraud, security, or technical issues

3.4 Consent-Based Sharing

We may share your information with third parties when you have provided explicit consent for such sharing, including:

• Integration with third-party applications
• Sharing documents with specified recipients
• Participation in joint marketing initiatives

3.5 Aggregated Data

We may share aggregated, anonymized data that cannot be used to identify individual users for:

• Industry research and reporting
• Marketing and promotional purposes
• Service improvement and development

4. Data Security and Protection

4.1 Encryption and Security Measures

We implement industry-leading security measures to protect your information:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• End-to-end encryption for sensitive document content
• Multi-factor authentication options
• Regular security audits and penetration testing
• SOC 2 Type II compliance

4.2 Access Controls

We maintain strict access controls:

• Role-based access permissions for employees
• Regular access reviews and updates
• Secure authentication protocols
• Monitoring and logging of all system access
• Background checks for personnel with data access

4.3 Data Centers and Infrastructure

Our data is stored in:

• Tier IV certified data centers
• Geographically distributed locations for redundancy
• Climate-controlled, physically secure facilities
• 24/7 monitoring and surveillance
• Backup and disaster recovery systems

4.4 Incident Response

In the event of a security incident:

• We maintain a comprehensive incident response plan
• Affected users will be notified within 72 hours
• We will provide detailed information about the incident
• Remediation steps will be implemented immediately
• We will cooperate with law enforcement as necessary

5. Your Rights and Choices

5.1 Access Rights

You have the right to:

• Request access to your personal information
• Obtain a copy of your data in a portable format
• Review how your information is being used
• Request information about third parties who have received your data

5.2 Correction and Update Rights

You may:

• Update your account information at any time
• Request correction of inaccurate personal information
• Modify your communication preferences
• Update payment and billing information

5.3 Deletion Rights

You have the right to:

• Request deletion of your personal information
• Close your account and remove associated data
• Request removal from marketing communications
• Delete specific documents or data sets

5.4 Portability Rights

You may:

• Export your documents and data
• Transfer your information to another service provider
• Request data in commonly used formats
• Receive assistance with data migration

5.5 Objection and Restriction Rights

You may:

• Object to certain types of data processing
• Request restriction of processing activities
• Opt-out of marketing communications
• Withdraw consent for optional data uses

5.6 Exercising Your Rights

To exercise these rights:

• Contact us at privacy@esignme.net
• Use the privacy controls in your account settings
• Submit requests through our support portal
• We will respond within 30 days of receiving your request

6. International Data Transfers

6.1 Global Operations

eSignMe operates globally and may transfer your information to countries other than your country of residence. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent privacy protections
• Binding Corporate Rules for intra-group transfers
• Certification schemes and codes of conduct

6.2 Cross-Border Safeguards

When transferring data internationally, we:

• Conduct transfer impact assessments
• Implement additional security measures as needed
• Monitor regulatory developments and compliance requirements
• Maintain records of all international transfers

6.3 Regional Compliance

We comply with regional privacy laws including:

• General Data Protection Regulation (GDPR) - European Union
• California Consumer Privacy Act (CCPA) - United States
• Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
• Lei Geral de Proteção de Dados (LGPD) - Brazil

7. Data Retention

7.1 Retention Periods

We retain your information for different periods based on the type of data and purpose:

• Account information: Retained while your account is active plus 7 years after closure
• Document data: Retained according to your settings or legal requirements (minimum 7 years)
• Payment information: Retained for 7 years for tax and accounting purposes
• Marketing data: Retained until you opt-out or for 3 years of inactivity
• Log files and analytics: Retained for 2 years for security and performance analysis

7.2 Legal and Regulatory Requirements

Some information may be retained longer to comply with:

• Tax and accounting regulations
• Anti-money laundering requirements
• Electronic signature laws and regulations
• Litigation holds and legal proceedings
• Regulatory investigations and audits

7.3 Secure Deletion

When retention periods expire:

• Data is securely deleted using industry-standard methods
• Backups are purged according to our retention schedule
• Physical media is destroyed using certified processes
• Deletion certificates are maintained for audit purposes

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality and security
• Performance Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

9. Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU residents, you also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.